Error report - Finanssivalvonta

Confidential
Version 1.0
ERROR REPORT
The Financial Supervisory Authority (FIN-FSA) recommends use of this form for reporting errors as referred to in chapter 9.1 of
regulations and guidelines 8/2014. Please send the form to FIN-FSA, hairio(at)finanssivalvonta.fi. Instead of using this form, the
reporting institution may use its own form for reporting the required data.
Type of report
New report, date
Complementary addition, date
Reporting institution
Name of reporting firm:
Name and telephone of reporting officer:
Error
Time
Error started (date and time):
Error solved (date and time):
Error observed (date and time):
Cause of error
Human failure
Hardware error
Card cloning
Database error
Phishing
Capacity problem
Programming error
Denial-of-service attack
Malicious software attack
Process error
External error
Unauthorised access to IT system
Other reason
Is the error due to hardware or software changes (for example, version update)? Yes / No
Error description
Error affecting
Online bank services for private customers
Payment card use
Website
Other abuse
Other service/function
Online bank services for corporate customers
Data revealed to outsiders
Negotiation/Telephone services
ATMs
Payments
Payment card abuse
Several service channels
Branches
Scope of error
Which services did the error affect? How much did the error affect customers and other parties? (for example, number of customers)
Corrective measures
Which measures were taken to correct the error?
Damages caused
Estimated damages (for example, costs in euro, service hours, and compensations)
Measures to avoid the error in future
How can a similar future error be prevented? When were corrective measures taken or when will they be taken?
Severity of error as regards own operations
small (1)
slight (2)
moderate (3)
serious (4)
very serious (5)
Grounds for selected severity class
Probability of repeated error
highly unlikely (1)
unlikely (2)
possible (3)
probable (4)
highly probable (5)
Grounds for selected probability class
Reported
Internally
To whom?
Externally
To whom?
Additional information on the error
Cause-of-error descriptions
The primary origin of the error should be reported as the cause of error. Human failure may, for example, cause several different
errors. However, human failure should be the cause selected in the form, if it was the primary origin.
Capacity problem: The resources reserved for the task are insufficient (for example, the server capacity is insufficient).
Card cloning: The error has been caused by card cloning (for example, a card has been skimmed at an ATM).
Database error: The error has been caused by a faulty database (for example, the database has run out of space).
Denial-of-service attack: A denial-of-service attack paralyses the website so that the service is inaccessible or does not work
normally. Unlike other types of attacks, the goal is not to invade the system but to disturb its functioning.
External error: The error has been caused by some external reason (for example, strike, power outage, robbery).
Hardware error: The error has been caused by some hardware fault (for example, faulty server or bad router).
Human failure: The error has been caused by some person's unintentional failure.
Malicious software attack: There is malicious software in some customer hardware or some system of the bank.
Other reason: The error has been caused by something other than the reasons listed here.
Phishing: Phishing is an unlawful attempt to get hold of confidential information by posing as a party entitled to the information
in question (for example, customers have received emails asking for online banking passwords).
Process error: The process deviates from the plan (for example, a manual work phase is carried out in conflict with the process).
Programming error: There is a programming error in some system or application software.
Unauthorised access to IT system: An unauthorised party has accessed an IT system.